Closed: dlechevalier closed this issue 4 years ago
I need this fix fast, so I did a PR in the morning: https://github.com/mrparkers/terraform-provider-keycloak/pull/198
I just need to fix the test and rebase.
Hi @dlechevalier, thanks for the issue.
You can omit the pkce_code_challenge_method attribute entirely, and it will end up being an empty string on the Keycloak server. I just tested this on Keycloak 8.0.0 using the latest version of this provider.
Can you give that a shot and see if it works for you?
Hi, I've tried with Keycloak 7.0.
If not specified, pkce_code_challenge_method is set to an empty string and there's no problem.
But if I set pkce_code_challenge_method to S256 using the GUI (some people in my team do it this way) and then update the client with the provider, pkce_code_challenge_method is set back to empty if not defined in the provider config. I just want to set the default value as empty in my openid_client custom module and specify S256 only for those who need PKCE (public clients). For now, I can only set the default value to "S256" or "plain".
> if I set pkce_code_challenge_method to S256 using the GUI (some people in my team do it this way) and then update the client with the provider, pkce_code_challenge_method is set back to empty if not defined in the provider config
I think this behavior will remain even if the provider supported an empty string for this field. Terraform wants to be the authoritative source for configuration, so if you define a keycloak_openid_client with a specific configuration, it will try to ensure that this configuration is always up to date, and will undo manual changes made in the GUI in order to achieve this.
> I just want to set the default value as empty in my openid_client custom module and specify S256 only for those who need PKCE (public clients). For now, I can only set the default value to "S256" or "plain".
If you use HCL2 (Terraform 0.12.x or higher), you can achieve this with the null type. By setting pkce_code_challenge_method = null, it will behave as if the attribute was not specified at all, resulting in an empty string.
That being said, I understand that the GUI provides a literal empty string as an option in the dropdown for this configuration, so I think it's okay to support that in the provider if you'd still like to do that.
Just let me know how you'd like to proceed.
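
An added example, not part of the thread or the provider's own code: a sketch of the custom module discussed above for Terraform 0.12 or later, where null leaves pkce_code_challenge_method unset unless the client is public or the caller overrides it. The module layout, the variable names and the local value are assumptions made for illustration.

```hcl
# Hypothetical module file (e.g. modules/openid_client/main.tf), Terraform 0.12+.

variable "realm_id" {
  type = string
}

variable "client_id" {
  type = string
}

variable "valid_redirect_uris" {
  type    = list(string)
  default = []
}

variable "access_type" {
  type    = string
  default = "CONFIDENTIAL"
}

# null means "attribute not specified"; per the thread, the Keycloak
# server then stores an empty string for the PKCE method.
variable "pkce_code_challenge_method" {
  type    = string
  default = null
}

locals {
  # An explicit value from the caller wins. Otherwise public clients
  # get S256 and every other access type leaves the attribute unset.
  pkce_method = var.pkce_code_challenge_method != null ? var.pkce_code_challenge_method : (var.access_type == "PUBLIC" ? "S256" : null)
}

resource "keycloak_openid_client" "this" {
  realm_id              = var.realm_id
  client_id             = var.client_id
  access_type           = var.access_type
  standard_flow_enabled = true
  valid_redirect_uris   = var.valid_redirect_uris

  # Terraform stays authoritative: a value changed by hand in the GUI
  # is reverted to this one on the next apply.
  pkce_code_challenge_method = local.pkce_method
}
```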
Thanks for your answer. I use Terraform 0.11 for now, but thanks for the tip! My last commit passes the CI successfully; if you agree with my work, I'll let you validate the pull request: https://github.com/mrparkers/terraform-provider-keycloak/pull/198
Hi @mrparkers, thanks for the great job on this provider!
Found an issue with values available for pkce_code_challenge_method. I don't use PKCE for confidential clients, only for public ones. So I need to set pkce_code_challenge_method default value to an empty string but I can't:
I can add this empty value to fix the problem and make a PR if you're OK.